
Difference between revisions of "PyFlag"

(File Search Facilities)
m
Line 1: Line 1:
=Pyflag=
+
=PyFlag=
  
"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."
+
"''FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations''". --[http://pyflag.sourceforge.net/ PyFlag Website]
 
+
[http://pyflag.sourceforge.net/ Website]
+
  
  
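Review bot: The rewritten quotation line marks the quote twice, with double quotes and with '' italic markup, and leaves the full stop outside both; use one convention for quoted text and keep the punctuation consistent with it. The attribution added on that line also links http://pyflag.sourceforge.net/, the same URL listed under External Links further down, so it is worth checking that both links are wanted.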
Line 33: Line 31:
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==
 
  
  
 
=History=
 
=History=
  
 
 
* Creates a "case file".
 
* Creates a "case file".
  
Line 47: Line 43:
 
= External Links =
 
= External Links =
 
   
 
   
[http://pyflag.sourceforge.net/ Website}
+
* [http://pyflag.sourceforge.net/ Website]
  
 
==External Reviews==
 
==External Reviews==

Revision as of 20:12, 21 March 2006

PyFlag

"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations". --PyFlag Website


Features

File Systems Understood

(unknown)

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

  • Hashes and compares with Hashkeeper using MD5.

Evidence Collection Features

History

  • Creates a "case file".

License Notes

GNU GPL.

External Links

External Reviews